예제 #1
0
def test_auth_precedence_order():
    # Verify that AuthFactory uses the following precedence order
    # 1) ProvidedJwtTokenAuth
    # 2) JwtSecretAuth
    # 3) ClientCertAuth
    # 4) FedoraUserAuth
    provided_jwt_config = {'AUTH_TOKEN': 'abcd-1234'}
    jwt_secret_config = {'JWT_SECRET': '833eba93802fdfce0e3d852b0bcb624f974551864e31e5d57920471f4a6a77e7'}
    client_cert_config = {'CLIENT_CERT': 'client-cert', 'CLIENT_KEY': 'abcd-1234'}
    fedora_user_config = {'FEDORA_USER': '******', 'FEDORA_PASSWORD': '******'}

    config = {}
    config.update(provided_jwt_config)
    config.update(jwt_secret_config)
    config.update(client_cert_config)
    config.update(fedora_user_config)
    auth = AuthFactory.create(config)
    assert isinstance(auth, ProvidedJwtTokenAuth)

    del config['AUTH_TOKEN']
    auth = AuthFactory.create(config)
    assert isinstance(auth, JwtSecretAuth)

    del config['JWT_SECRET']
    auth = AuthFactory.create(config)
    assert isinstance(auth, ClientCertAuth)

    del config['CLIENT_CERT']
    del config['CLIENT_KEY']
    auth = AuthFactory.create(config)
    assert isinstance(auth, FedoraUserAuth)
예제 #2
0
def test_auth_factory_fedora_user():
    config = {'FEDORA_USER': '******', 'FEDORA_PASSWORD': '******'}
    auth = AuthFactory.create(config)
    assert isinstance(auth, FedoraUserAuth)

    session = Session()
    auth.configure_session(session)
    assert session.auth == (config['FEDORA_USER'], config['FEDORA_PASSWORD'])
예제 #3
0
def test_auth_factory_client_cert():
    config = {'CLIENT_CERT': 'client-cert', 'CLIENT_KEY': 'abcd-1234'}
    auth = AuthFactory.create(config)
    assert isinstance(auth, ClientCertAuth)

    session = Session()
    auth.configure_session(session)

    assert session.cert == ('client-cert', 'abcd-1234')
예제 #4
0
def test_auth_factory_jwt_secret():
    config = {'JWT_SECRET': '833eba93802fdfce0e3d852b0bcb624f974551864e31e5d57920471f4a6a77e7'}
    auth = AuthFactory.create(config)
    assert isinstance(auth, JwtSecretAuth)

    session = Session()
    auth.configure_session(session)

    assert session.headers.get('Authorization')
    assert session.headers['Authorization'] == f'Bearer {auth.jwt_token}'
예제 #5
0
def test_auth_factory_provided_jwt():
    config = {'AUTH_TOKEN': 'abcd-1234'}
    auth = AuthFactory.create(config)
    assert isinstance(auth, ProvidedJwtTokenAuth)

    session = Session()
    auth.configure_session(session)

    assert session.headers.get('Authorization')
    assert session.headers['Authorization'] == 'Bearer abcd-1234'
예제 #6
0
def test_auth_factory_bad_config():
    with pytest.raises(ValueError):
        config = {'not_an_auth_key': 'not_an_auth_value'}
        auth = AuthFactory.create(config)
예제 #7
0
def test_auth_factory_no_config():
    with pytest.raises(ValueError):
        config = None
        auth = AuthFactory.create(config)
예제 #8
0
    def __init__(self, config, ua_string=None, on_behalf_of=None):
        # repo root
        self.endpoint = config['REST_ENDPOINT'].rstrip('/')

        # Extract endpoint URL components for managing forward host
        parsed_endpoint_url = urlsplit(self.endpoint)
        endpoint_proto = parsed_endpoint_url.scheme
        endpoint_host = parsed_endpoint_url.netloc
        self.endpoint_base_path = parsed_endpoint_url.path

        # default container path
        self.relpath = config['RELPATH']
        if not self.relpath.startswith('/'):
            self.relpath = '/' + self.relpath
        self._path_stack = [self.relpath]
        self.fullpath = '/'.join(
            [p.strip('/') for p in (self.endpoint, self.relpath)])
        self.session = requests.Session()
        self.jwt_secret = None
        self.transaction = None
        self.load_binaries = True
        self.log_dir = config['LOG_DIR']
        self.logger = logging.getLogger(__name__ + '.' +
                                        self.__class__.__name__)
        self.ua_string = ua_string
        self.delegated_user = on_behalf_of

        self.repo_external_url = config.get('REPO_EXTERNAL_URL')
        self.forwarded_host = None
        self.forwarded_proto = None
        self.forwarded_endpoint = None
        if self.repo_external_url is not None:
            parsed_repo_external_url = urlsplit(self.repo_external_url)
            proto = parsed_repo_external_url.scheme
            host = parsed_repo_external_url.netloc
            if (proto != endpoint_proto) or (host != endpoint_host):
                # We are forwarding
                self.forwarded_host = host
                self.forwarded_proto = proto

                self.session.headers.update({
                    'X-Forwarded-Host':
                    self.forwarded_host,
                    'X-Forwarded-Proto':
                    self.forwarded_proto
                })

                self.forwarded_endpoint = f"{self.forwarded_proto}://{self.forwarded_host}{self.endpoint_base_path}"

        structure_type = config.get('STRUCTURE', 'flat').lower()
        if structure_type == 'hierarchical':
            self.creator = HierarchicalCreator(self)
        elif structure_type == 'flat':
            self.creator = FlatCreator(self)
        else:
            raise ConfigError(f'Unknown STRUCTURE value: {structure_type}')

        self.auth = AuthFactory.create(config)
        self.auth.configure_session(self.session)

        if 'SERVER_CERT' in config:
            self.session.verify = config['SERVER_CERT']